For some reason, i just realized something ODD.
As i see it's major security risk, unless you use disk encryption, or disable this little thing...

It occurred to me, that regular user can use dd. This can be done physically/remotely if user has accoun/or can log on with ssh

By default FreeBSD allows any user to use dd.
User can copy disk, and save it to custom medium/net or whatever....
Later he can go home, and using his own version of FreeBSD mount image.... and now as root.
He will have access to everything..... therefore if / is unencrypted, he can try to brute gess passwords.....

EDIT: i didn't do much testing, it's late, i will do more tomorrow....
just realized, that i'm not sure if ordinary user can read /dev/....
worked for me, cause i'm wheel
And sorry if this is just false alarm

If they can gain access to the machine, they can probably steal your data -- who needs to use your systems dd, when they can use a live cd, external usb drive, and go to town with their own tools. You should also always think twice, what you allow people without uid 0 (root) to read.

By default, on FreeBSD, only root and user in the operator group can read raw disk devices (/dev/ad*, /dev/da*, etc). Hence "normal" users (those not in the operator group) cannot use dd to clone your harddrive.